Loading

FactoryTalk® View Site Edition Multiple Vulnerabilities

Severity:
High
Advisory ID:
SD1720
게시한 날짜:
January 28, 2025
최근 업데이트:
January 28, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
예
Workaround:
예
CVE IDs
CVE-2025-24481,
CVE-2025-24482
파일(다운로드)
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
CVE-2025-24481
CVE-2025-24482
요약

AFFECTED PRODUCTS AND SOLUTION

Affected Product

CVE

Affected Version(s)

Corrected in Software Version

FactoryTalk® View SE

CVE-2025-24481

< V15.0

V15.0, and patch for v14 (AID 1152306)

CVE-2025-24482

< V15.0

V15.0, and patches for V12, V13, V14 (1152304)

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2025-24481 IMPACT

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.

CVSS 3.1 Base Score: 7.3
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS 4.0 Base Score: 7.0
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CWE-732:  Incorrect Permission Assignment for Critical Resource
Known Exploited Vulnerability (KEV) database: No

CVE-2025-24482 IMPACT

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.

CVSS 3.1 Base Score: 7.3
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVSS 4.0 Base Score: 7.0
CVSS 4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CWE-94: Improper Control of Generation of Code ('Code Injection')
Known Exploited Vulnerability (KEV) database: No

Mitigations and Workarounds
Customers using the affected software are encouraged to apply the risk mitigations, if possible.

·         For CVE-2025-24481:

·         Upgrade to V15 or apply patch. Answer ID 1152306

·         Protect physical access to the workstation

·         Restrict access to port 8091 at the network or workstation

·         For CVE-2025-24482:

·         Upgrade to V15 or apply patch. Answer ID 1152304.

·         Check the environment variables (PATH), and make sure FactoryTalk® View SE installation path (C:\Program Files (x86)\Common Files\Rockwell) is before all others

For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices

to minimize the risk of the vulnerability.

Customers can use Stakeholder-Specific Vulnerability Categorization

to generate more environment-specific prioritization.

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 홈 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
계속 진행하기 위해 쿠키 설정을 업데이트하십시오..
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • 소셜 미디어 쿠키
  • 기능 쿠키
  • 성능 쿠키
  • 마케팅 쿠키
  • 모든 쿠키
귀하는 쿠키 설정을 언제든지 변경할 수 있습니다. 자세한 내용은 이곳에서 확인하십시오. 개인 정보 보호 정책
CloseClose